diff --git a/.github/workflows/builder-update.yaml b/.github/workflows/builder-update.yaml index 2d3213b331..e6e1702f49 100644 --- a/.github/workflows/builder-update.yaml +++ b/.github/workflows/builder-update.yaml @@ -14,10 +14,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Sysdig - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 with: platforms: 'amd64,arm64' @@ -25,7 +25,7 @@ jobs: uses: docker/setup-buildx-action@v2 - name: Login to Github Packages - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -33,7 +33,7 @@ jobs: - name: Build new skeleton builder id: build-skeleton-builder - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 with: context: docker/builder file: docker/builder/modern_bpf_probe.Dockerfile @@ -43,7 +43,7 @@ jobs: - name: Build new builder id: build-builder - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 with: context: docker/builder platforms: linux/amd64,linux/arm64 diff --git a/.github/workflows/ci-check.yaml b/.github/workflows/ci-check.yaml index 874f07358c..77ba512314 100644 --- a/.github/workflows/ci-check.yaml +++ b/.github/workflows/ci-check.yaml @@ -5,5 +5,5 @@ jobs: actionlint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: reviewdog/action-actionlint@v1 diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d17c9d6050..fe81da1a17 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Sysdig - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 
@@ -32,7 +32,7 @@ jobs: - name: Set up QEMU if: steps.builder-files.outputs.any_changed == 'true' - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 with: platforms: 'amd64,arm64' @@ -42,7 +42,7 @@ jobs: - name: Login to Github Packages if: steps.builder-files.outputs.any_changed == 'true' - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -52,18 +52,18 @@ jobs: id: get-new-skeleton-builder if: steps.builder-files.outputs.any_changed == 'true' run: | - echo "name=skeleton_builder_image::${{ (github.event.pull_request.number != '') && format('{0}:{1}', env.SKEL_BUILDER_IMAGE_BASE, github.event.pull_request.number) || env.SKEL_BUILDER_DEV }}" >> $GITHUB_OUTPUT + echo "skeleton_builder_image=${{ (github.event.pull_request.number != '') && format('{0}:{1}', env.SKEL_BUILDER_IMAGE_BASE, github.event.pull_request.number) || env.SKEL_BUILDER_DEV }}" >> $GITHUB_OUTPUT - name: Get new builder image tag id: get-new-builder if: steps.builder-files.outputs.any_changed == 'true' run: | - echo "name=builder_image::${{ (github.event.pull_request.number != '') && format('{0}:{1}', env.BUILDER_IMAGE_BASE, github.event.pull_request.number) || env.BUILDER_DEV }}" >> $GITHUB_OUTPUT + echo "builder_image=${{ (github.event.pull_request.number != '') && format('{0}:{1}', env.BUILDER_IMAGE_BASE, github.event.pull_request.number) || env.BUILDER_DEV }}" >> $GITHUB_OUTPUT - name: Build new skeleton builder id: skeleton-builder if: steps.builder-files.outputs.any_changed == 'true' - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 with: context: docker/builder file: docker/builder/modern_bpf_probe.Dockerfile @@ -74,7 +74,7 @@ jobs: - name: Build new builder id: build-builder if: steps.builder-files.outputs.any_changed == 'true' - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 with: context: docker/builder platforms: linux/amd64,linux/arm64 
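Review bot: In the two `run:` steps that now write `skeleton_builder_image=` and `builder_image=`, the redirect target `$GITHUB_OUTPUT` is unquoted and the `${{ … }}` expression is pasted straight into the shell line. The values come from workflow `env` and the numeric pull-request number, so the exposure looks low, but the actionlint job in ci-check.yaml will likely flag the redirect; `>> "$GITHUB_OUTPUT"` is the usual form. Passing the computed tag through a step-level `env:` entry and echoing the shell variable would keep expression text out of the script altogether. The job-level `outputs:` mapping that consumes these names is outside the hunk, so confirm it reads `steps.get-new-builder.outputs.builder_image` and the skeleton equivalent.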
@@ -92,7 +92,7 @@ jobs: image: ${{ needs.builder.outputs.skeleton_builder_image }} steps: - name: Checkout Sysdig - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: sysdig - name: Link paths @@ -116,11 +116,21 @@ jobs: runs-on: ubuntu-latest container: image: ${{ needs.builder.outputs.builder_image }} + volumes: + - '/node20217:/node20217:rw,rshared' + - '/node20217:/__e/node20:ro,rshared' env: ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true steps: + - name: install nodejs20glibc2.17 + run: | + yum install curl -yyq + curl -LO https://unofficial-builds.nodejs.org/download/release/v20.9.0/node-v20.9.0-linux-x64-glibc-217.tar.xz + tar -xf node-v20.9.0-linux-x64-glibc-217.tar.xz --strip-components 1 -C /node20217 + ldd /__e/node20/bin/node + - name: Checkout Sysdig - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: sysdig - name: Link paths @@ -169,7 +179,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Sysdig - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: sysdig - name: Create build dir @@ -177,14 +187,14 @@ jobs: mkdir -p ${{ github.workspace }}/sysdig-build-aarch64 - name: Login to Github Packages - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 with: platforms: 'amd64,arm64' - name: Run the build skeleton process with Docker @@ -246,7 +256,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout Sysdig - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Build run: | mkdir -p build @@ -271,7 +281,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout Sysdig - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Build run: | mkdir -p build diff --git a/.github/workflows/release-draft.yaml b/.github/workflows/release-draft.yaml index fb34e37ea5..2481b1efd3 100644 
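Review bot: The tarball fetched in the new `install nodejs20glibc2.17` step is unpacked with no integrity check, and through the `/node20217:/__e/node20` volume it becomes the Node runtime that executes the JavaScript actions in this container job, including `actions/checkout@v4`. Pin the expected digest in the workflow and verify it before extracting, e.g. `echo "<sha256-of-tarball>  node-v20.9.0-linux-x64-glibc-217.tar.xz" | sha256sum -c -` (placeholder digest), and use `curl -fsSLO` so an HTTP error page is not saved as the archive. The `ldd` line only shows linkage; it does not authenticate the binary. A short comment above the `volumes:` entries explaining why the runner's bundled node20 is replaced (presumably the builder image's older glibc) would help whoever later removes `ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION`.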
--- a/.github/workflows/release-draft.yaml +++ b/.github/workflows/release-draft.yaml @@ -14,7 +14,7 @@ jobs: image: ghcr.io/draios/sysdig-skel-builder:dev steps: - name: Checkout Sysdig - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: sysdig - name: Link paths @@ -43,7 +43,7 @@ jobs: image: ghcr.io/draios/sysdig-builder:dev steps: - name: Checkout Sysdig - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: sysdig - name: Link paths @@ -75,14 +75,14 @@ jobs: ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true steps: - name: Checkout Sysdig - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: sysdig - name: Create build dir run: | mkdir -p ${{ github.workspace }}/sysdig-build-aarch64 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 with: platforms: 'amd64,arm64' - name: Run the build skeleton process with Docker @@ -134,7 +134,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout Sysdig - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Build run: | mkdir -p build @@ -160,7 +160,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout Sysdig - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Build run: | mkdir -p build @@ -181,7 +181,7 @@ jobs: SYSDIG_IMAGE_BASE: ghcr.io/draios/sysdig steps: - name: Checkout Sysdig - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Download artifacts aarch64 uses: actions/download-artifact@v3 with: 
@@ -191,19 +191,19 @@ jobs: with: name: sysdig-release-${{ env.BUILD_VERSION }}-x86_64 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 with: platforms: 'amd64,arm64' - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - name: Login to Github Packages - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push container images - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 with: platforms: linux/amd64,linux/arm64 file: docker/sysdig/Dockerfile diff --git a/cmake/modules/cares.cmake b/cmake/modules/cares.cmake new file mode 100644 index 0000000000..1c7807f8d2 --- /dev/null +++ b/cmake/modules/cares.cmake 
@@ -0,0 +1,76 @@
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+# in compliance with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under the License
+# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing permissions and limitations under
+# the License.
+#
+
+option(USE_BUNDLED_CARES "Enable building of the bundled c-ares" ${USE_BUNDLED_DEPS})
+
+if(CARES_INCLUDE)
+ # we already have c-ares
+elseif(NOT USE_BUNDLED_CARES)
+ find_path(CARES_INCLUDE NAMES cares/ares.h ares.h)
+ find_library(CARES_LIB NAMES cares)
+ if(CARES_INCLUDE AND CARES_LIB)
+ message(STATUS "Found c-ares: include: ${CARES_INCLUDE}, lib: ${CARES_LIB}")
+ else()
+ message(FATAL_ERROR "Couldn't find system c-ares")
+ endif()
+else()
+ if(BUILD_SHARED_LIBS)
+ set(CARES_LIB_SUFFIX ${CMAKE_SHARED_LIBRARY_SUFFIX})
+ set(CARES_STATIC_OPTION "Off")
+ else()
+ set(CARES_LIB_SUFFIX ${CMAKE_STATIC_LIBRARY_SUFFIX})
+ set(CARES_STATIC_OPTION "On")
+ endif()
+ set(CARES_SRC "${PROJECT_BINARY_DIR}/c-ares-prefix/src/c-ares")
+ set(CARES_INCLUDE "${CARES_SRC}/include/")
+ set(CARES_LIB "${CARES_SRC}/lib64/libcares${CARES_LIB_SUFFIX}")
+
+ if(NOT TARGET c-ares)
+ message(STATUS "Using bundled c-ares in '${CARES_SRC}'")
+ ExternalProject_Add(
+ c-ares
+ PREFIX "${PROJECT_BINARY_DIR}/c-ares-prefix"
+ URL "https://github.com/c-ares/c-ares/releases/download/v1.33.1/c-ares-1.33.1.tar.gz"
+ URL_HASH "SHA256=06869824094745872fa26efd4c48e622b9bd82a89ef0ce693dc682a23604f415"
+ BUILD_IN_SOURCE 1
+ CMAKE_ARGS -DCMAKE_POLICY_DEFAULT_CMP0091:STRING=NEW
+ -DCMAKE_MSVC_RUNTIME_LIBRARY=${CMAKE_MSVC_RUNTIME_LIBRARY}
+ 
-DCARES_SHARED=${BUILD_SHARED_LIBS} + -DCARES_STATIC=${CARES_STATIC_OPTION} + -DCARES_STATIC_PIC=${ENABLE_PIC} + -DCARES_BUILD_TOOLS=Off + -DCARES_INSTALL=Off + BUILD_BYPRODUCTS ${CARES_INCLUDE} ${CARES_LIB} + INSTALL_COMMAND "" + ) + install( + FILES "${CARES_LIB}" + DESTINATION "${CMAKE_INSTALL_LIBDIR}/${LIBS_PACKAGE_NAME}" + COMPONENT "libs-deps" + ) + install( + DIRECTORY "${CARES_INCLUDE}" + DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/${LIBS_PACKAGE_NAME}" + COMPONENT "libs-deps" + ) + endif() + +endif() + +if(NOT TARGET c-ares) + add_custom_target(c-ares) +endif() + +include_directories("${CARES_INCLUDE}") diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake index 1cfe37a8c9..e2bf368de8 100644 --- a/cmake/modules/falcosecurity-libs.cmake +++ b/cmake/modules/falcosecurity-libs.cmake @@ -32,8 +32,8 @@ else() # In case you want to test against another falcosecurity/libs version (or branch, or commit) just pass the variable - # ie., `cmake -DFALCOSECURITY_LIBS_VERSION=dev ..` if(NOT FALCOSECURITY_LIBS_VERSION) - set(FALCOSECURITY_LIBS_VERSION "0.18.1") - set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=1812e8236c4cb51d3fe5dd066d71be99f25da7ed22d8feeeebeed09bdc26325f") + set(FALCOSECURITY_LIBS_VERSION "0.19.0") + set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=77c38b45c8b29c4da4f8ce49da68278b347a403ff1075307ff0cf540596303ac") endif() # cd /path/to/build && cmake /path/to/source diff --git a/docker/builder/Dockerfile b/docker/builder/Dockerfile index 57a1f474f7..3f030f89c9 100644 --- a/docker/builder/Dockerfile +++ b/docker/builder/Dockerfile 
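Review bot: `CARES_LIB` is hard-coded to `${CARES_SRC}/lib64/…`, but nothing in `CMAKE_ARGS` fixes the directory c-ares builds its library into, so on a host where `CMAKE_INSTALL_LIBDIR` defaults to `lib` the declared `BUILD_BYPRODUCTS` and the `install(FILES "${CARES_LIB}" …)` path would presumably not exist. Passing `-DCMAKE_INSTALL_LIBDIR=lib64` alongside the other c-ares options, or deriving the directory instead of spelling it out, would keep the two in step. Pinning the tarball with `URL_HASH` is the right call; a comment above the `URL` line such as `# Keep URL_HASH in sync with the c-ares version in URL` would help the next bump.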
@@ -22,16 +22,21 @@ COPY ./root / WORKDIR / # build toolchain -RUN yum -y install centos-release-scl; \ +RUN sed -i 's/mirror.centos.org/vault.centos.org/g' /etc/yum.repos.d/*.repo && \ + sed -i 's/^#.*baseurl=http/baseurl=https/g' /etc/yum.repos.d/*.repo && \ + sed -i 's/^mirrorlist=http/#mirrorlist=https/g' /etc/yum.repos.d/*.repo && \ + yum -y install centos-release-scl; \ + sed -i 's/mirror.centos.org/vault.centos.org/g' /etc/yum.repos.d/*.repo && \ + sed -i 's/^#.*baseurl=http/baseurl=https/g' /etc/yum.repos.d/*.repo && \ + sed -i 's/^mirrorlist=http/#mirrorlist=https/g' /etc/yum.repos.d/*.repo && \ yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++ git wget make m4 rpm-build clang perl-IPC-Cmd ; \ source scl_source enable devtoolset-9 -# With some previous cmake versions it fails when downloading `zlib` with curl in the libs building phase -RUN curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz; \ +RUN curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.27.6/cmake-3.27.6-linux-$(uname -m).tar.gz; \ gzip -d /tmp/cmake.tar.gz; \ tar -xpf /tmp/cmake.tar --directory=/tmp; \ - cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr; \ - rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)/ + cp -R /tmp/cmake-3.27.6-linux-$(uname -m)/* /usr; \ + rm -rf /tmp/cmake-3.27.6-linux-$(uname -m)/ # DTS ENV BASH_ENV=/usr/bin/scl_enable \
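Review bot: The CMake 3.27.6 archive is downloaded with `curl -L` and copied into `/usr` with no digest check, and the `RUN` chains join steps with `;`, so a failed download or a failed `yum -y install` does not stop the image build. Use `curl -fsSL` and verify a pinned per-architecture digest before unpacking, e.g. `echo "${CMAKE_SHA256}  /tmp/cmake.tar.gz" | sha256sum -c -`, where `CMAKE_SHA256` is a placeholder build argument; the URL depends on `$(uname -m)`, so each architecture needs its own value. Replacing the `;` separators with `&&`, which the new `sed` lines already use, makes a partial toolchain install fail loudly. The three `sed` lines are repeated after `centos-release-scl` is installed; a one-line comment saying that this package adds repo files which also need the vault rewrite would explain the duplication.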